Docket No.: CISCO- 1935 
AMENDMENTS TO CLAIMS 

Kindly amend claims 1-4, 6, 10, 15 and 21 and cancel claims 12, 18 and 24 as 
follows. 

1. (Currently Amended) In a firewall device having a plurality of communication 
interfaces, a firewall system comprising; 

a) a firewall core connected to each of said plurality of communication interface 
interfaces : and 

b) at least one inspection module coupled for communication to said firewall 
core, each said at least one inspection module configured to provide protocol 
inspection of data packets to said firewall core, said firewall core configured to 
receive data packets from said plurality of communication interfaces and 
communicate said packets to said at least one said inspection module for 
inspection, said at least one inspection module is further configured to be 
installed during the operation of the firewall system. 

2. (Currently Amended) The firewall system of claim 1 claim 1, wherein said 
inspection module is installed into a memory space monitored by said firewall core. 

3. (Currently Amended) The firewall system of claim 1, wherein said at least one 
inspection module further comprises a plurality of callback functions, said plurality of 
callback functions communicated to said firewall core and providing communication 
between said firewall core and said at least one inspection module. 



2 




Docket No.: CISCO-1935 



4. (Currently Amended) The firewall system of claim 1, wherein said at least one 
inspection module is further configured to indicate to said firewall core for which data 
packets said at least one inspection module is configured to provide inspection. 

5. (Original) The firewall system of claim 1, wherein said data packets intercepted by 
said firewall core further includes session information comprising address and port data, 
said firewall core further configured to map said session information to corresponding 
inspection modules. 

6. (Currently Amended) In a firewall device having a plurality of communication 
interfaces, a firewall core configured to be coupled to at least one inspection module, 
said firewall core comprising: 

a) a communication unit operatively coupled to the communication interfaces; 
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b) a set of callback functions, retrieved from said inspection module, each said 
function providing communication between said firewall core and said 
inspection module : and 

c} wherein said firewall core being configured to monitor a memory to determine 
when a new inspection module is loaded into said memory . 

7. (Original) The firewall core of claim 6, wherein said communication unit is further 
configured to intercept network data communicated via said network interfaces. 

8. (Original) The firewall core of claim 7, further comprising a session mapping unit, 
said data packets intercepted by said firewall core further including session information 
comprising address and port data, said firewall core further configured to map said 

3 



Docket No.: CISCO-1935 
session information to corresponding inspection modules into a session mapping and 
store said session mapping into said session mapping unit. 



9. (Original) The firewall core of claim 6, wherein said communication unit is further 
configured to communicate packets between said communication interfaces and said 
inspection module for inspection. 



10. (Currently Amended) In a firewall device having a plurality of communication 
interfaces and a firewall core coupled to the communication interfaces, an inspection 
module configured to couple with the firewall core, said inspection module comprising: 

a) an inspection unit configured to inspect and authorize data packets; -and- 

b) a function table having a set of callback functions each said function 
providing communication between said firewall core and said inspection 
module : and 

£). wherein said inspection module is loaded into a memory monitored by said 
firewall core during operation of said firewall device . 



11. (Original) The inspection module of claim 10, where in said inspection unit is 
further configured to be installed during the operation of the firewall core. 



12. (Cancel) The firewall system of claimlO, wherein said inspection module is 
installed into a memory space monitored by said firewall core. 

13. (Original) The firewall system of claim 1, wherein said inspection module is further 
configured to indicate to said firewall core for which data packets said inspection 
module is configured to provide inspection. 
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14. (Original) The inspection module of claim 10, where in said inspection unit is 
further configured to receive and inspect packets communicated from the firewall core. 

15. (Currently Amended) In a firewall device having a firewall system including a 
firewall core, a method for adding protocol knowledge to the firewall system during 
runtime comprising: 

a) loading an inspection module into a memory monitored by said firewall core 
during operation of said firewall system wherein said inspection module 
comprises comprising new protocol inspection knowledge and a function 
table having a set of callback functions; 

b) notifying the firewall core of said inspection module; and 

c) communicating said set of callback functions to said firewall core. 

16. (Original) The method of claim 15, further comprising enabling said inspection 
module, prior to communicating said set of callback function to said firewall core. 

17. (Original) The method of claim 15 further comprising inspecting of packets by 
said inspection module, said packets communicated from the firewall core to said 
inspection module. 

18. (Cancel) The method of claim 15 wherein said notifying the firewall core 
comprises loading said inspection module into a memory space monitored by the firewall 
core. 
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19. (Original) The method of claim 15 wherein said notifying the firewall core 
comprises transmitting a signal to the firewall core to indicate the installation of said 
inspection module. 

20. (Original) The method of claim 15, further comprising indicating by said 
inspection module for which data packets said inspection module provides inspection. 

21. (Currently Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
adding protocol knowledge to a firewall system during runtime comprising, said firewall 
system including a firewall core, said method comprising: 

a) loading an inspection module into a memory monitored by said firewall core 
during operation of said firewall system wherein said inspection module 
comprises comprising new protocol inspection knowledge and a function 
table having a set of callback functions; 

b) notifying the firewall core of said inspection module; and 

c) communicating said set of callback functions to said firewall core. 

22. (Original) The program storage device of claim 21, said method further comprising 
enabling said inspection module, prior to communicating said set of callback function to 
said firewall core. 

23. (Original) The program storage device of claim 21, said method further comprising 
inspecting of packets by said inspection module, said packets communicated from the 
firewall core to said inspection module. 
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24. (Cancel) The program storage device of claim 21, wherein said notifying the 
firewall core comprises loading said inspection module into a memory space monitored 
by the firewall core. 

25. (Original) The program storage device of claim 21, wherein said notifying the 
firewall core comprises transmitting a signal to the firewall core to indicate the loading of 
said inspection module. 

26. (Original) The program storage device of claim 21, said method further comprising 
indicating by said inspection module for which data packets said inspection module 
provides inspection. 
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